Data Privacy Information (according to Art. 13, 14 and 21 GDPR)
Data protection is an important concern for us. Below we inform you how we process your data in connection with access via the separation cabin and which rights you have. As the person responsible for processing, Forschungszentrum Jülich has implemented numerous technical and organisational measures to ensure the most complete possible protection of your personal data.
Responsible body in the sense of the data protection laws is:
Forschungszentrum Jülich GmbH
Processing purposes and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-neu) and other relevant data protection regulations. The processing and use of the individual data is necessary for the following purposes:
- Access control to the clean room area of the HNF by administration of user profiles with hand-held vein scanner in combination with RFID chip
- Administration according to authorization profiles
- Increased security through personalised access separation
Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website) contain further details and additions for processing purposes.
The legal basis for this processing is Art. 6 I lit. f GDPR. Processing operations are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company, provided that your interests, fundamental rights and fundamental freedoms do not prevail. If the processing of personal data is necessary to fulfil a contract or a pre-contractual measure, then Art. 6 para. 1 lit. b GDPR is the legal basis. We conscientiously protect your data against loss, misuse, unauthorised access, unauthorised disclosure, falsification or destruction.
Within our company, your data is stored on password-protected servers to which only a limited number of people have access.
Categories of personal data processed by us
- Personal data (e.g. last name, first name)
- Contact data (e.g. email address, OE/institute, home institution)
- Biometric data: Hand vein data (Information: For security reasons, the system does not store the original hand vein data. The system compresses and encrypts the scan data when scanning the profiles according to an internal procedure.)
Who receives the data?
We pass on your personal data within our company to the divisions that need this data to fulfil their contractual and legal obligations or to implement our legitimate interest. The storage and access location of your data is the central unit of the system for controlling the hand vein scan.
Will your data be transferred to a third country or to an international organisation?
Data processing outside the EU or the EEA does not take place.
How long do we store your data?
If necessary, we process your personal data for the duration of use and authorized access to the premises of the HNF; this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the Fiscal Code (AO). The periods for storage and documentation specified there are up to ten years after the end of your activity at the research centre or the pre-contractual legal relationship.
In addition, the following deletion periods apply:
- For DZ projects (external companies): deletion of users' biometric data after return of the RFID chips. Deletion of all data after receipt of payment.
- In the case of R&D projects (external and internal users of cooperation partners): deletion of biometric data and the identification of the user's RFID chip after return of the RFID chip. Deletion of all data after confirmation of the correct proof of use by the sponsor. (Usually this is 3 years, max. 5-6 years).
- In the case of internal service charges - ILV (internal users): deletion of the biometric data and the assignment by name when the RFID chip is returned by the user or when the service is cancelled. Deletion of all data after closing of the current accounting year of the FZJ.
- Since the RFID tags are subject to wear and tear, the HNF recommends the general exchange of the RFID tags at the latest after a use of 3 - 5 years. The data of the previous RFID chip will then be deleted after the closing date for the current accounting year of the FZJ.
To what extent is there automated decision-making in individual cases (including profiling)?
As a responsible company, we refrain from an automated decision-making procedure or profiling in accordance with Article 22 GDPR.
Your Privacy Rights
You have the right of access pursuant to Art. 15 GDPR, the right of rectification pursuant to Art. 16 GDPR, the right of deletion pursuant to Art. 17 GDPR, the right of restriction of processing pursuant to Art. 18 GDPR and the right of data transfer pursuant to Art. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).
Your right to appeal to the competent supervisory authority
In addition, you have the right to appeal to the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
Or contact our Data Protection Officer directly:
Forschungszentrum Jülich GmbH
Scope of your obligations to provide us with your data
You only need to provide the data required for access and administration of access to the clean room of the HNF or which we are legally obliged to collect. If we also request data from you, you will be informed of the voluntary nature of the information separately.